I am using m0n0wall 1.235 (built on Thu Sep 4 21:49:17 CEST 2008) on a
Soekris 4511. On my LAN, I connected an IPSec client to a remote server.
I have problem for getting big files (more than 50 kB) on a remote
I made a wireshark capture between the Internet and my soekris box and
between my soekris box and the computer with the IPsec client. I saw
there is an issue with fragmented packets.
For example, the client is receiving three packets. Packets 1 and 2 are
fragmented. Not packet 3.
- Packet 1 is 1500 bytes long and have Flag to 0x02 (More Fragments) and
Fragment offset to 0x00. IP identification is 0x7820.
- Packet 2 is 88 bytes long and have no Flag (set to 0x00) and Fragment
offset to 1480. IP identification is 0x7820.
- Packet 3 is 1168 bytes long and no Flag and no Fragment offset. IP
identification is 0x7821.
After the soekris box, I cannot find packet 2. Packet 1 is the same, but
with the new computer lan IP address. I can find also packet 3. So
packet 2 was dropped by m0n0wall. I can send the wireshark capture to
the people interested.